_PROBLEM_
When trying to start a workflow on my SharePoint 2007 applications, Internet Explorer versions 6 and 7 fail with an error message:
"The form cannot be displayed in the browser because the use of session cookies has been disabled in the current browser settings. In order to load the form, session cookies must be allowed."
Specifically, selecting Workflows from a shared document drop down menu takes one to a Workflows page (eg. Intranet Home > Shared Documents > Excel File.xls > Workflows). Then choosing one of the "Start a New Workflow" options will cause IE to display the error.
Note: In Internet Explorer 6, the bottom of the IE interface displays an icon which looks like an eye with a red do-not-enter symbol. This icon allows access to a Privacy Report which will misleadingly indicate that your Privacy Settings is causing cookies to be blocked. Internet Explorer version 7 does NOT even display this icon.
This error message is VERY MISLEADING. No matter what you change within the Security or Privacy Settings of Internet Explorer this problem will not be resolved.
This seems to be a particular problem whenever someone uses InfoPath Forms Services.
_CAUSE_
The cause is the presence of an underscore (_) in the host name of the url. In my case, the particular SharePoint application was being served from http://sandbox_sp1/ (aka. sandbox_sp1.mycompany.local). Internet Explorer refused to accept any cookies from this URL because of the underscore in the host name.
According to KB article #325192, this behavior is "by design" but there is nothing in the error message displayed, in IE's interface, or in the "Internet Options." that indicate this to be the source of the problem or even a concern. KB article #325192 "Issues after you install updates to Internet Explorer or Windows" reads:
"� Cookies on ASP pages are blocked if the server name contains characters that are not supported by Domain Name System (DNS). For example, you cannot use underscore characters (_) in the server name. This behavior is by design."
_SOLUTION_
DON'T just rename your machine. The machine name is hard-coded throughout the SharePoint config files and database and throughout the registry for various applications.
DO set up an Alternate Access Mapping so that users can interact with the site using a different URL. Go to Central Administration > Operations > Alternate Access Mappings and use the Add Internal URLs option. For a quick fix, i just added a new hostname to our internal DNS and then added the FQDN as an Internal URL for the "Intranet" zone.
_DISCUSSION_
Historically, the underscore character has been allowable for NetBIOS names but not allowable as host names according to RFC 1132 [ http://www.ietf.org/rfc/rfc1123.txt ] except as the *first* character in certain circumstances. Over the years as Microsoft has taken various positions toward standards compliancy there has been inconsistency across MS implimentations. Additionally, the underscore has widely and popularly used in DNS hostnames in spite of the RFC restrictions.
This TechNet article nicely outlines the four basic approaches: http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet…
This article discusses the problem in the context of Active Directory and DNS:
http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/AdminTips…
And, of course, there's Wikipedia:
http://en.wikipedia.org/wiki/Hostname#Restrictions_on_valid_host_names
Someone set me straight:Is "Alternate Access Mapping" just another name for a virtual host?
seanharrison